Tal Be'eryI Know Which Device You Used Last Summer: Fingerprinting WhatsApp Users’ DevicesWhatsApp leaks user device setup (# of devices, mobile or not) and Operating System info (Android, iPhone / iOS, Windows, Mac)Oct 15Oct 15
Tal Be'eryWhatsApp View Once Privacy Issue Initial Fix Assessment: The Good, the Bad and The UglyTL;DR: Following our recent discovery and disclosure of Meta’s WhatsApp View Once media privacy issue, WhatsApp have silently updated its…Sep 16Sep 16
Tal Be'eryOnce and Forever: WhatsApp’s View Once Functionality is BrokenMeta’s WhatsApp suggests using “View once” media for privacy. We discovered attackers can and actually do bypass this limitation.Sep 91Sep 91
Tal Be'eryRevealing the Inner Structure of AWS Session TokensTL;DR: A world first reverse engineering analysis of AWS Session Tokens. Prior to our research these tokens were a complete black box…Jul 251Jul 251
Tal Be'eryHi Meta, WhatsApp with Integrity?TL;DR: Meta’s WhatsApp suffers from an integrity issue that allows attackers to create an inconsistent world view on victims’ multi-device…May 21May 21
Tal Be'eryinZengo WalletBad Randomness: Protecting Against Cryptography’s Perfect CrimeTL;DR: Black Hat Asia invited Zengo’s research team to present research on a critical but often overlooked vulnerability in cryptography…May 8May 8
Tal Be'eryThe Ambassador protocol: Multi-device E2EE with PrivacyTL;DR: In this blog we present the ambassador protocol, our new cryptographic solution to enable End-to-End Encryption (E2EE) in the…Mar 3Mar 3
Tal Be'eryUnnecessary Evil: Multi-Device Instant Messaging can be privateTL;DR: Contrary to Meta’s WhatsApp claims, it is possible to have an Instant Messaging service with End-to-End Encryption (E2EE) in the…Jan 21Jan 21
Tal Be'eryHi Meta, WhatsApp with privacy?TL;DR: Meta’s WhatsApp suffers from a privacy issue that leaks victim devices’ setup information (mobile device + up to 4 linked devices)…Jan 173Jan 173
Tal Be'eryinZengo WalletBitcoin is a Dark Forest (too)TL;DR: Zengo researchers shed light on malicious bots monitoring the Bitcoin blockchain for bad randomness addresses, exploiting them…Dec 5, 20233Dec 5, 20233